Organizations use Penetration Testing for a variety of reasons. Often it’s to fine-tune their security devices, uncover vulnerabilities that they didn’t know they had, or simply test the effectiveness of their blue teams. Companies that need to justify budget increases also use a pentest to prove that it is possible to breach their defenses and capture potentially damaging information. Once Raxis findings are written clearly in a report, it is easier to make a case for increased spending in cybersecurity.
Penetration test findings can sometimes create a bit of work to remediate, but we’ll help by demonstrating step-by-step what we did and documenting how to fix it. If we could breach your perimeter and gain access to your network, then it’s certainly possible for a malicious attacker to do the same. Unfortunately that means reworking your cybersecurity processes. Other times, it means a complete overhaul of your security program. Either way, you'll go in knowing the strategic value of corrective actions. We may share some virtual high-fives among ourselves, but the real victory is yours. You will have uncovered hidden risks, taken corrective actions, and become better prepared for the real-world threats coming your way.
A Raxis Penetration Test is a much more thorough, manual procedure that requires highly specialized talent, years of expertise, self-compiled tools, and a bit of creativity to accomplish correctly. A pentest uncovers security risks that the vulnerability scan simply can’t see. For example, a nested critical vulnerability that is hidden behind a moderate exposure, or a business logic error that the scanner didn’t realize provided critical access. It’s not about getting a clean report - you want us to find ways into your network. Once you know how we breached your perimeter, you can close those gaps and significantly reduce your chances of being hacked by a real malicious actor.
A vulnerability scan, or vuln scan for short, is a security assessment conducted using a software tool to test defined targets, and the output provided is an automated report. Vuln scans can be run by almost anyone with technical knowledge and are often used to meet regulatory requirements or ensure that security controls are performing as expected. There’s nothing wrong with vulnerability scans; they certainly have a use and are often performed by our customers right before a penetration test to help prepare. However, vuln scans (and their mislabeled “discount pentest” counterparts) are not the same as a penetration test. Companies who misrepresent a vulnerability scan as a pentest are looking for customers that simply want to “check-the-box” and move on. They just want a clean report, but this is very short sighted.
Embedded systems are more prevalent in our connected world than ever before. We’ve tested cable modems, physical access controls, surveillance cameras, and more.
These embedded devices power our IoT connected world and, unfortunately, often contain vulnerabilities. Maybe it's due to a proprietary network stack or because they’re running outdated code, or maybe the design gaps are reflecting a lack of industry standards. Maybe all of the above. No matter the reason, we've exploited devices and embedded controllers even as their designers have said it was impossible.
Raxis SCADA pentesters are experienced in all types of controllers, including those used by power generation, logistics, water treatment, oil platforms, and transportation. We’ve flown all over the world and even undergone HUET safety training.
As the PLC, RTU, HMI, and other systems are often forgotten about while deployed in the field, security gaps are repeatedly prevalent at all levels. Finding the vulnerabilities is usually the hardest part of the battle, and our process doesn't leave any stone unturned. We can perform SCADA testing both onsite and remotely using Transporter to securely interface the private side of the network.
2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA
+1 678.421.4544
All content and web design ©2023 Raxis LLC